Search results for: "phishing" | WeLiveSecurity

Search results for: "phishing"

When Trends Collide: Spear Phishing, Security Awareness, COVS and More

The news that Japan's top defense contractor and weapons maker, Mitsubishi Heavy Industries, fell victim to cyber attacks in August is likely to increase the pressure to improve information system security from Tokyo to the Pentagon and every government contractor, outside vendor, and supplier in between. As pointed out in the Reuters report, the Japanese contractor–commonly

New your.brand domain names to increase phishing?

ICANN has just approved a new batch of individualized TLD’s (Top Level Domains), so now you can register your.brand, whatever yourbrand is, instead of the usual yourbrand.com, .net, etc., if you can prove to ICANN you deserve it. The problem? Users tricked by similar looking domain names have long been a boon for phishing exploits,

Anti‑Phishing Day

Too bad it doesn’t exist. I mean really exist. Here is how an anti-phishing day that is designed to be a highly effective educational deterrent to phishing would work. Google, Facebook, Hotmail, Yahoo, Twitter, Myspace, Banks, Online Gaming sites, such as World of WarCraft, and others would all send phishing emails to their users. Yes,

Mobile Devices Favor Malware and Phishing

A while back a malicious program called DroidDream was found on the Google Marketplace. The thing about DroidDream is that it exploited a vulnerability that gave it root access. Now contrast how Google treats security software. Security applications are not allowed to have root access. The truth is that the most popular mobile platforms (and

Phishphloods: Not all Phishing is Spear‑Phishing

You don't need more advice from me on avoiding phishing following the Epsilon fiasco: Randy, among others has posted plenty of sound advice, and I put some links to relevant articles here, though I don't know of anyone who's published a list of the whole 2,500 or so companies that are apparently Epsilon's customers, though comment threads

Spearphishing APT‑itude Test

My latest blog for SC Magazine's Cybercrime Corner looked at the recent APT (Advanced Persistent Threat) attack on RSA, in the light of Uri Rivner's blog on the implementation of the attack.  Unfortunately, the exact nature of the target and damage remains somewhat obscure, so while I certainly consider Rivner's blog worth reading, I also found myself

How to Avoid a Phishing Attack

With the breach of Epsilon, we are going to see a huge influx of phishing attacks before it settles back down to the normal level of tons of phishing attacks. So you aren’t a computer expert, how do you protect yourself? Don't worry about spotting the phish, it is more important that you do not

Inside a phishing attack: 35 credit cards in 5 hours

Phishing attacks have grown steadily in recent years, becoming a highly profitable attack for cyber criminals. In ESET Latin America’s Laboratory, we are used to finding and informing about phishing attack outbreaks in our region. A few days ago, we found a new case of phishing, for which we investigated the effectiveness of the attack.

Why do phishing attacks work better on mobile phones?

During my regular reading on the main feeds on information security this week, I found a small and particular news that, I consider, invites us to think about it. It turns out that according to a post by Mickey Boodaei, CEO of Trusteer, mobile phones users are three times more likely to become victims of

SMishing or IMEI Phishing?

Technically it’s not SMS Phishing… but it’s close: Cybercriminals use the information requested on the web page to clone the smartphone for various uses, including stealing long-distance service from the subscriber or simply using a deniable, disposable smartphone for other criminal activities. In effect, the cybercriminals used phishing techniques to clone smartphones. The strength of

Phishing and Scamming: it’s a Taxing Occupation

SANS posted a story at the Internet Storm Center a couple of days ago that they were seeing fake email from the IRS. (Even I don't have time to read everything on the Internet relating to current information security issues.) The emails described try to kid the victim that they've under-reported or failed to report

Anti‑Phishing Working Group: CeCOS IV

The Anti-Phishing Working Group has asked its members to publicize the forthcoming Counter eCrime Operations Summit in Brazil, which I'm pleased to do. This year the APWG is hosting it's fourth annual Counter eCrime Operations Summit (CeCOS IV) on May 11, 12 & 13 in São Paulo, Brazil.  The Discounted Early Bird Registration rate will

iPhishing – gathering iPhone data

As posted a few minutes ago on Mac Virus, Dancho Danchev has posted information on a phishing campaign where the bad guys are impersonating Apple in order to steal sensitive device information from iPhone users. Dancho’s post, which has lots of other links, is at: http://blogs.zdnet.com/security/?p=5460&tag=col1;post-5460 David Harley CISSP FBCS CITP Director of Malware Intelligence ESET

PayPal and Phishing Continued: Grooming Phish Victims

In view of some of the discussion generated by Randy’s blog on PayPal’s “confession” of “phishing”, it’s refreshing to see a straightforward summary of the issue from the estimable Larry Seltzer for PC Mag (see http://blogs.pcmag.com/securitywatch/2009/12/paypal_admits_to_phishing_its.php?sms_ss=twitter). PayPal’s view of the issue seems equivocal. They’ve gone to some lengths to dismiss this issue as the agenda of

PayPal Admits to Phishing Users

Yes, it is true, I am not making this up. I do not believe that PayPal has stolen anything from users, but they have told me that their own email is phishing. Here’s what happened. I sent them one of their own legitimate emails and told them it was a bad idea to include a